Barracuda Spam Firewall Guide
Barracuda API – 3.x Firmware
Barracuda Spam Firewall
These are instructions to help understand and implement the Barracuda API capability available on the Barracuda
Spam Firewall in the version 3.x firmware series. If you have any questions after reading this document, please
call us at 408-342-5400 or email us at support@barracuda.com. Note: the API is only available on certain
models. Please check with your sales representative if you are uncertain whether the model you are considering
has the API feature.
What is the Barracuda API?
The Barracuda Spam Firewall APIs are a set of CGI scripts that can be used to administer the Barracuda
Spam Firewall in a remote manner. This is useful for tasks that happen frequently but may be difficult to
perform one-by-one in the Web UI. An example of one such task is adding a domain to the list of allowed
domains on the Barracuda Spam Firewall.
The API works through manipulation of variables inside of the configuration. To view the available variables in
your current configuration, create a system configuration backup file, and view the contents in any editor that
supports UNIX file format (for instance, NotePad if you are under Windows).
Access to these remote administration capabilities is limited to IPs on a trusted IP list configured on the
BASIC->Administration page, in the “Allowed SNMP and API Management IP/Range” section. Attempts to call
these APIs from any IP address that is not on that list will be denied.
The following API scripts are available:
● config_get.cgi: This script is used to return the contents of a variable.
● config_set.cgi: This script is used to set the contents of a variable.
● config_set_bulk.cgi: This script is used to set the contents of a multiple variables (available on
firmware version 3.4 and higher).
● config_add.cgi: This script is used to add an entry to a list variable (or add users).
● config_delete.cgi: This script is used to remove an entry from a list variable (or delete users).
● config_search.cgi: This script is used to obtain a row index for a value in a list variable.
● config_reload.cgi: This script is used to reload the configuration settings. This script must be called
after making changes with the other scripts in order for your new settings to be utilized.
● add_domain.cgi: This script is used to add additional domains. (available on firmware version 3.5
and higher).
● delete_domain.cgi: This script is used to remove existing domains. (available on firmware version
3.5 and higher).
This document provides an overview of the basic usage of each script, along with possible output. Various
scenarios and some basic requests on how to accomplish the desired tasks are provided in the final section.
Note: Use of config_search.cgi and the associated calls that use a row number to alter domains has been
deprecated. That functionality has been replaced as of the 3.4.11 firmware by new API scripts that deal
directly with domains: add_domain.cgi, and delete_domain.cgi. Additionally, the original scripts have been
modified as well to use a 'domain' parameter instead of a row parameter to change domain values. The ability
to use the 'row' parameter to change domain values will soon be removed completely.
Revision 2a - 070611 Page 1
Barracuda API – 3.x Firmware
Barracuda Spam Firewall
Request/Response from the API
Request: These scripts are called just like any other URL using an HTTP GET (or an HTTP POST for
config_set_bulk.cgi). Each API takes its own set of parameters in the URL that will be detailed in the section
for each API below. To make the request, use the base URL of your Barracuda that you use for connecting to
the Web UI and append the script you wish to use. For example: http://barracuda.mydomain.com:8000/cgi-
bin/config_get.cgi
Response: The response from the scripts is in the form of XML. The XML output will appear as follows for a
successful request or for a request that has an error.
<?xml version="1.0" encoding="UTF-8" ?>
<config>
<scana_block_level>9</scana_block_level>
</config>
<?xml version="1.0" encoding="UTF-8" ?>
<config>
<Error>
<Code>500</Code>
<String>No such variable in configuration.</String>
</Error>
</config>
Revision 2a - 070611 Page 2
Barracuda API – 3.x Firmware
Barracuda Spam Firewall
Using config_get.cgi
Variables Allowed: The following variables are utilized by the config_get CGI script. Append these variables
to the URL in standard HTTP GET request format.
● variable :: This is a required parameter that tells the API which variable to return.
● password :: This is a required parameter for the usage of the API. The API password is used to
authenticate access to a page, and is set by your administrator.
● row :: This is an optional parameter that tells the API to get the value for the given row inside of
variable. (Note: This is only available if the variable you wish to get is a list variable, and is the zero
based index of the value to retrieve).
● list :: This is an optional parameter that tells the API to return a list of variables available on the
system.
● list_users :: This is an optional parameter that tells the API to return the current list of user accounts
on the system.
● account :: This is an optional parameter that tells the API to lookup variable in the specified per-user
account instead of in the global configuration.
● domain :: This is an optional parameter used to retrieve a variable's value from a specific domain.
(available on firmware version 3.5 and higher).
Successful Output: If the variable requested is a variable with only a single value the output will be different
than the output for a variable that is a list. The two types of requests and results are shown below.
http://barracuda/cgi-bin/config_get.cgi?variable=scana_block_level&password=api_passsword
Gets the global block level
<?xml version="1.0" encoding="UTF-8" ?>
<config>
<scana_block_level>9</scana_block_level>
</config>
http://barracuda/cgi-bin/config_get.cgi?variable=scana_pd_block_level&domain=foo.com&password=api_password
Gets the block level for domain foo.com
<?xml version="1.0" encoding="UTF-8" ?>
<config>
<scana_pd_block_level>9</scana_pd_block_level>
</config>
http://barracuda/cgi-bin/config_get.cgi?variable=mta_relay_domain&password=api_password
Gets the allowed domain list for the system
<?xml version="1.0" encoding="UTF-8" ?>
<config>
<mta_relay_domain>domain1.com</mta_relay_domain>
<mta_relay_domain>domain2.com</mta_relay_domain>
<mta_relay_domain>domain3.com</mta_relay_domain>
</config>
Revision 2a - 070611 Page 3
Barracuda API – 3.x Firmware
Barracuda Spam Firewall
Possible Error Codes: The error output format is the same as shown in the Request/Response from the
API section. The following error codes are possible from the config_get script.
• 500 :: No such variable in configuration.
o This error is given if the variable requested is not present in the global configuration, or the
per-user configuration if an account was specified.
• 501 :: Account does not exist.
o This error is given if the account requested does not exist on the system with per-user
settings.
• 502 :: Row does not exist.
o This error is given if the requested row does not exist in the requested variable.
Revision 2a - 070611 Page 4
Barracuda API – 3.x Firmware
Barracuda Spam Firewall
Using config_set.cgi
Variables Allowed: The following variables are utilized by the config_set CGI script. Append these variables
to the URL in standard HTTP GET request format.
● variable :: This is a required parameter that tells the API which variable to return.
● value :: This is a required parameter that tells the API what value to set for variable.
● password :: This is a required parameter for the usage of the API. The API password is used to
authenticate access to a page, and is set by your administrator.
● account :: This is an optional parameter that tells the API to set variable in the specified per-user
account instead of in the global configuration.
● row :: This is an optional parameter that tells the API to set the value for the given row inside of
variable. (Note: This is only needed if the variable you wish to set is a list variable, and is the zero
based index of the value to override).
● domain :: This is an optional parameter used to set a variable's value for a specific domain.
(available on firmware version 3.5 and higher).
Successful Output: If the variable requested is a list variable, the call must indicate the row you wish to
manipulate. This row can be found by performing a config_search API call to request the row index for a
given value in a list variable. This row is a zero-based index. Samples of both request types are shown below
as well as the successful output.
http://barracuda/cgi-bin/config_get.cgi?variable=scana_block_level&value=4&password=api_password
Sets the global block level
http://barracuda/cgi-bin/config_set.cgi?variable=scana_pd_tag_level&value=7&domain=foo.com&pasword=api_password
Sets the per-domain tag level to the value 7 for foo.com.
<?xml version="1.0" encoding="UTF-8" ?>
<config>
<Result>200: OK</Result>
</config>
Possible Error Codes: The error output format is the same as shown in the Request/Response from the
API section. The following error codes are possible from the config_set script.
• 800 :: No such variable in configuration.
o This error is given if the variable requested is not present in the global configuration, or the
per-user configuration if an account was specified.
• 801 :: Account does not exist.
o This error is given if the account requested does not exist on the system with per-user
settings.
• 802 :: Variable is a list, so you must provide the row index to alter.
o This error is given if a list variable is specified and no row index to set given.
• 803 :: You must provide a value to set.
o This error is given if no value was specified in the HTTP request.
• 804 :: Variable-specific error message.
o This is a custom error message and will tell you if the value you tried to set was not valid for
the configuration type (example: trying to set an IP address to a text value).
Revision 2a - 070611 Page 5
Loading...